
Issue 749793

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Oct 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocked on:
issue 734200
issue 734401
issue 735370
issue 747350
issue 773426

Blocking:
issue 584819




Multiple stack-overflow issues in gn_parser_fuzzer

Project Member Reported by mmoroz@chromium.org, Jul 27 2017

Issue description

There are several stack-overflow crashes in GN (see blocking issues). I guess all of these issues may have the same root cause, but not sure.

Existing fuzzer is hitting stack-overflow in 66% of runs: https://clusterfuzz.com/v2/performance-report/libFuzzer_gn_parser_fuzzer/libfuzzer_chrome_asan/latest


Comment 1 by mmoroz@chromium.org, Jul 27 2017

Blockedon: 734200 747350 734401 735370
Blocking: 584819
Cc: och...@chromium.org mbarbe...@chromium.org kcc@chromium.org tanin@chromium.org infe...@chromium.org
Owner: thakis@chromium.org
Nico, I'm not sure whether you are a proper owner for that, but since you've added the fuzzer, let me assign this to you :)

Comment 2 by thakis@chromium.org, Jul 27 2017

I liked this suggestion: https://bugs.chromium.org/p/chromium/issues/detail?id=648076#c6

But it basically just cuts off parsing in cases where we'd hit the overflow, so adding it didn't seem super useful to me, so I didn't. It's a one-line patch if someone feels like it though!
Cc: brettw@chromium.org
Blockedon: 773426
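The depth cutoff thakis describes in comment 2, as an added example that is neither GN's parser nor the patch referenced above: a minimal recursive-descent parser for a constructed toy grammar of nested lists and blocks that stops with an explicit error once nesting exceeds an assumed limit (kMaxDepth), rather than recursing until the stack is exhausted.

```cpp
#include <cstddef>
#include <string>

// Constructed toy grammar (not GN's): value := '[' value* ']' | '{' value* '}' | 'x'
// kMaxDepth is an assumed limit chosen for illustration; GN's real parser and the
// fuzzer patch are not reproduced here.
constexpr int kMaxDepth = 64;

enum class ParseResult { kOk, kTooDeep, kSyntaxError };

namespace {
ParseResult ParseValue(const std::string& in, size_t* pos, int depth);

// Parse zero or more values up to and including the given closing delimiter.
ParseResult ParseSequence(const std::string& in, size_t* pos, int depth, char close) {
  while (*pos < in.size() && in[*pos] != close) {
    ParseResult r = ParseValue(in, pos, depth);
    if (r != ParseResult::kOk) return r;
  }
  if (*pos >= in.size()) return ParseResult::kSyntaxError;  // unterminated sequence
  ++*pos;  // consume the closing delimiter
  return ParseResult::kOk;
}

ParseResult ParseValue(const std::string& in, size_t* pos, int depth) {
  // Every nested list or block adds a stack frame; refuse early instead of overflowing.
  if (depth > kMaxDepth) return ParseResult::kTooDeep;
  if (*pos >= in.size()) return ParseResult::kSyntaxError;
  char c = in[(*pos)++];
  switch (c) {
    case 'x': return ParseResult::kOk;
    case '[': return ParseSequence(in, pos, depth + 1, ']');
    case '{': return ParseSequence(in, pos, depth + 1, '}');
    default:  return ParseResult::kSyntaxError;
  }
}
}  // namespace

// Entry point: parse exactly one value and require all input to be consumed.
ParseResult Parse(const std::string& in) {
  size_t pos = 0;
  ParseResult r = ParseValue(in, &pos, 0);
  if (r == ParseResult::kOk && pos != in.size()) return ParseResult::kSyntaxError;
  return r;
}

// Constructed sample input: a list nested `depth` levels deep around a single 'x'.
std::string NestedInput(int depth) {
  return std::string(depth, '[') + "x" + std::string(depth, ']');
}
```

With the guard in place the fuzzer sees a clean kTooDeep result for over-deep input, so the remaining crashes it finds are genuine parser bugs rather than recursion limits.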

Comment 5 by mmoroz@chromium.org, Oct 18 2017

Cc: penny...@chromium.org

Comment 6 by bugdroid1@chromium.org, Oct 30 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/697f302d91e7ad4466416ab22c290c7fea9c6b93

commit 697f302d91e7ad4466416ab22c290c7fea9c6b93
Author: Penny MacNeil <pennymac@chromium.org>
Date: Mon Oct 30 21:29:41 2017

[GN fuzzer] Stack overflow fix.

Fuzzathon 2017.

Bug: 648076, 749793, 773426, 768111, 754972, 734401, 734200
Change-Id: Ic608c5a374252809443a879ad4e2ddf8f6184697
Reviewed-on: https://chromium-review.googlesource.com/736159
Commit-Queue: Penny MacNeil <pennymac@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: Dirk Pranke <dpranke@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512626}
[modify] https://crrev.com/697f302d91e7ad4466416ab22c290c7fea9c6b93/tools/gn/parser_fuzzer.cc

Status: Fixed (was: Untriaged)
I'll just let this breathe for a bit, Max. Let me know if you see any problems on clusterfuzz in the next couple days. Setting this ticket to Fixed, but not Verified yet.
Cc: thakis@chromium.org
Owner: penny...@chromium.org
